An anonymous reader quotes a report from Ars Technica: As we careen toward a future in which Google has final say over what apps you can run, the company has sought to assuage the community's fears with a blog post and a casual "backstage" video. Google has said again and again since announcing the change that sideloading isn't going anywhere, but it's definitely not going to be as easy. The new information confirms app installs will be more reliant on the cloud, and devs can expect new fees, but there will be an escape hatch for hobbyists.

Confirming app verification status will be the job of a new system component called the Android Developer Verifier, which will be rolled out to devices in the next major release of Android 16. Google explains that phones must ensure each app has a package name and signing keys that have been registered with Google at the time of installation. This process may break the popular FOSS storefront F-Droid. It would be impossible for your phone to carry a database of all verified apps, so this process may require Internet access. Google plans to have a local cache of the most common sideloaded apps on devices, but for anything else, an Internet connection is required. Google suggests alternative app stores will be able to use a pre-auth token to bypass network calls, but it's still deciding how that will work.

The financial arrangement has been murky since the initial announcement, but it's getting clearer. Even though Google's largely automated verification process has been described as simple, it's still going to cost developers money. The verification process will mirror the current Google Play registration fee of $25, which Google claims will go to cover administrative costs. So anyone wishing to distribute an app on Android outside of Google's ecosystem has to pay Google to do so. What if you don't need to distribute apps widely? This is the one piece of good news as developer verification takes shape. Google will let hobbyists and students sign up with only an email for a lesser tier of verification. This won't cost anything, but there will be an unclear limit on how many times these apps can be installed. The team in the video strongly encourages everyone to go through the full verification process (and pay Google for the privilege). We've asked Google for more specifics here.

The blackout that left Spain without power last April was the most severe incident to hit European networks in two decades and the first of its kind, according to the European Network of Transmission System Operators for Electricity. Damian Cortinas, the organization's chairman, said the April 28 outage was Europe's first blackout linked to cascading voltages. More than 50 million people lost electricity for several hours.

A preliminary report published in July attributed the outage to a chain of power generation disconnections and abnormal voltage surges. The final assessment will be released in the first quarter of next year and presented to the European Commission and member states. A government probe in June found that grid operator Red Electrica failed to replace one of 10 planned thermal plants, reducing reserve capacity. Spain spent only $0.3 on its grid for every dollar invested in renewables between 2020 and 2024, the lowest ratio among European countries and well below the $0.7 average.

Walmart plans to deploy sensors across its 4,600 US stores by the end of 2026 to track 90 million pallets of groceries shipped annually [Editor's note: non-paywalled source]. The retailer and technology vendor Wiliot announced the expansion Thursday. The sensors will monitor the location, condition and temperature of perishables as they move from warehouses to stores. Walmart started testing Wiliot's sensors at a Texas warehouse in 2023 and has expanded to 500 locations. The full rollout will cover the retailer's US store network and 40 distribution centers.

The microchips measure 0.7 square millimeters and are embedded in shipping labels. They use Bluetooth to transmit real-time data about pallets. Walmart previously relied on manual scanning and paper checks by employees. The Arkansas-based company employs 2.1 million people but increased revenues by $150 billion over five years without adding workers. Walmart accounts for more than a fifth of US grocery sales.

An anonymous reader shares a report: It's not the vibes; Earth is literally getting darker. Scientists have discovered that our planet has been reflecting less light in both hemispheres, with a more pronounced darkening in the Northern hemisphere, according to a study published on Monday in Proceedings of the National Academy of Sciences.

The new trend upends longstanding symmetry in the surface albedo, or reflectivity, of the Northern and Southern hemispheres. In other words, clouds circulate in a way that equalizes hemispheric differences, such as the uneven distribution of land, so that the albedos roughly match -- though nobody knows why. "There are all kinds of things that people have noticed in observations and simulations that tend to suggest that you have this hemispheric symmetry as a kind of fundamental property of the climate system, but nobody's really come up with a theoretical framework or explanation for it," said Norman Loeb, a physical scientist at NASA's Langley Research Center, who led the new study. "It's always been something that we've observed, but we haven't really explained it fully."

To study this mystery, Loeb and his colleagues analyzed 24 years of observations captured since 2000 by the Clouds and the Earth's Radiant Energy System (CERES), a network of instruments placed on several NOAA and NASA satellites. Instead of an explanation for the strange symmetry, the results revealed an emerging asymmetry in hemispheric albedo; though both hemispheres are darkening, the Northern hemisphere shows more pronounced changes which challenges "the hypothesis that hemispheric symmetry in albedo is a fundamental property of Earth," according to the study.

Major health insurers are threatening to drop renowned cancer centers from their networks during contract negotiations, Memorial Sloan Kettering Cancer Center's president and CEO Selwyn M. Vickers and chairman Scott M. Stuart wrote in a story published by WSJ. Memorial Sloan Kettering Cancer Center reported that both Anthem Blue Cross Blue Shield and UnitedHealthcare prepared to terminate network agreements while patients underwent active cancer treatment. FTI Consulting found that 45% of 133 provider-payer disputes in 2024 failed to reach timely agreements. The disruptions have affected tens of thousands of patients.

Research published in the Journal of the National Cancer Institute found that care disruptions lead to more advanced-stage diagnoses and worse outcomes. Similar contract disputes involved Mayo Clinic, Johns Hopkins University and University of North Carolina Health. New York lawmakers introduced legislation this year requiring insurers to maintain coverage for cancer patients during negotiations and until treatment concludes. Memorial Sloan Kettering's leadership described the practice as using patients as bargaining chips despite record insurer profits.

Researchers have unveiled two new hardware-based attacks, Battering RAM and Wiretap, that break Intel SGX and AMD SEV-SNP trusted enclaves by exploiting deterministic encryption and physical interposers. Ars Technica reports: In the age of cloud computing, protections baked into chips from Intel, AMD, and others are essential for ensuring confidential data and sensitive operations can't be viewed or manipulated by attackers who manage to compromise servers running inside a data center. In many cases, these protections -- which work by storing certain data and processes inside encrypted enclaves known as TEEs (Trusted Execution Enclaves) -- are essential for safeguarding secrets stored in the cloud by the likes of Signal Messenger and WhatsApp. All major cloud providers recommend that customers use it. Intel calls its protection SGX, and AMD has named it SEV-SNP.

Over the years, researchers have repeatedly broken the security and privacy promises that Intel and AMD have made about their respective protections. On Tuesday, researchers independently published two papers laying out separate attacks that further demonstrate the limitations of SGX and SEV-SNP. One attack, dubbed Battering RAM, defeats both protections and allows attackers to not only view encrypted data but also to actively manipulate it to introduce software backdoors or to corrupt data. A separate attack known as Wiretap is able to passively decrypt sensitive data protected by SGX and remain invisible at all times.

Starting in November, Venmo and PayPal users will finally be able to send money directly to each other, ending years of workarounds despite Venmo being owned by PayPal. TechCrunch reports: This change means that PayPal users will now be able to find Venmo users by inputting their phone numbers, and later, their email addresses. If you don't want PayPal users to be able to find you, you can update your settings in the Venmo app by navigating to Settings - Privacy - Find me... and while you're at it, you might as well default your Venmo transactions to private via Settings > Privacy. You'll thank me in the long run.

PayPal announced that it would broaden its network of payment systems in July, starting with Venmo, but the companies did not confirm the date of the update until now. This collection of partnerships, which PayPal has named PayPal World, will also work with Mercado Pago, NPCI International Payments Limited, and Tenpay Global. This will help users send money internationally without barriers and fees. Combined, Venmo and PayPal have 2 billion global users, according to PayPal.

Camembert writes: In a move that is sure to make Ripple nervous, traditional financial network Swift announced yesterday that it is partnering with Consensys and more than 30 global banks to build a blockchain based network that will run in parallel with its traditional network. Interestingly, unlike XRP, there is no native coin, rather it aims for interoperability (probably using Chainlink with whom the company did case studies for a few years already). There is also a strong focus on regulatory compliance. There are several news articles and opinion pieces on this event; I linked the Reuters article.

An anonymous reader writes: Landlords are using a service that logs into a potential renter's employer systems and scrapes their paystubs and other information en masse, potentially in violation of U.S. hacking laws, according to screenshots of the tool shared with 404 Media.

The screenshots highlight the intrusive methods some landlords use when screening potential tenants, taking information they may not need, or legally be entitled to, to assess a renter.

"This is a statewide consumer-finance abuse that forces renters to surrender payroll and bank logins or face homelessness," one renter who was forced to use the tool and who saw it taking more data than was necessary for their apartment application told 404 Media. 404 Media granted the person anonymity to protect them from retaliation from their landlord or the services used.

[...] "Argyle hijacked my live Workday session, stayed hidden from view, and downloaded every pay stub plus all W-4s back to 2024, each PDF seconds apart," they said. "Workday audit logs show dozens of 'Print' events from two IPs from a MAC which I do not use," they added, referring to a MAC address, a unique identifier assigned to each device on a network.

Six months ago California had 48% more public and "shared" private EV chargers than gasoline nozzles. (In March California had 178,000 public and shared private EV chargers, versus about 120,000 gas nozzles.)

Since then they've added 23,000 more public/shared charging ports — and announced this week that there's now 68% more EV charger ports than the number of gasoline nozzles statewide. "Thanks to the state's ever-expanding charger network, 94% of Californians live within 10 minutes of an EV charger," according to the announcement from the state's energy policy agency. And the California Energy Commission staff told CleanTechnica they expect more chargers in the future. "We are watching increased private investment by consortiums like IONNA and OEMs like Rivian, Ford, and others that are actively installing EV charging stations throughout the state."

Clean Technica notes in 2019, the state had roughly 42,000 charging ports and now there are a little over 200,000. (And today there's about 800,000 home EV chargers.)

This week California announced another milestone: that in 2024 nearly 23% of all the state's new truck sales — that's trucks, buses, and vans — were zero-emission vehicles. (The state subsidizes electric trucks — $200 million was requested on the program's first day.) Greenhouse gas emissions in California are down 20% since 2000 — even as the state's GDP increased 78% in that same time period all while becoming the world's fourth largest economy.

The state also continues to set clean energy records. California was powered by two-thirds clean energy in 2023, the latest year for which data is available — the largest economy in the world to achieve this level of clean energy. The state has run on 100% clean electricity for some part of the day almost every day this year.
"Last year, California ran on 100% clean electricity for the equivalent of 51 days," notes another announcement, which points out California has 15,763 MW of battery storage capacity — roughly a third of the amount projected to be needed by 2045.

Friday the security researchers at Arctic Wolf Labs wrote: In late July 2025, Arctic Wolf Labs began observing a surge of intrusions involving suspicious SonicWall SSL VPN activity. Malicious logins were followed within minutes by port scanning, Impacket SMB activity, and rapid deployment of Akira ransomware. Victims spanned across multiple sectors and organization sizes, suggesting opportunistic mass exploitation.

This campaign has recently escalated, with new infrastructure linked to it observed as late as September 20, 2025.
More from Cybersecurity News: SonicWall has linked these malicious logins to CVE-2024-40766, an improper access control vulnerability disclosed in 2024. The working theory is that threat actors harvested credentials from devices that were previously vulnerable and are now using them in this campaign, even if the devices have since been patched. This explains why fully patched devices have been compromised, a fact that initially led to speculation about a potential zero-day exploit.

Once inside a network, the attackers operate with remarkable speed. The time from initial access to ransomware deployment, known as "dwell time," is often measured in hours, with some intrusions taking as little as 55 minutes, Arctic Wolf said. This extremely short window for response makes early detection critical.
"Threat actors in the present campaign successfully authenticated against accounts with the one-time password (OTP) MFA feature enabled..." notes Artic Wolf Labs: The threats described in this campaign demand early detection and a rapid response to avoid catastrophic impact to organizations. To facilitate this process, we recommend monitoring for VPN logins originating from untrusted hosting infrastructure. Equally important is ensuring visibility into internal networks, since lateral movement and ransomware encryption can occur within hours or even minutes of initial access. Monitoring for anomalous SMB activity indicative of Impacket use provides an additional early detection opportunity.

When firewalls are confirmed to be running firmware versions vulnerable to credential access or full configuration export, patching alone is not enough. In such situations, credentials must be reset wherever possible, including MFA-related secrets that might otherwise be thought of as secure, and Active Directory credentials with VPN access. These considerations are best practices that apply regardless of which firewall products are in use.
Thanks to Slashdot reader Mirnotoriety for suggesting this story.

Cloudflare announced plans Thursday to launch NET Dollar, a U.S. dollar-backed stablecoin designed to enable autonomous AI agents to conduct instant financial transactions. The company says the stablecoin will support microtransactions and pay-per-use models as AI agents take over tasks like booking flights and ordering groceries. BrianFagioli comments: A U.S. dollar-backed cryptocurrency from Cloudflare feels unusual to me, and I'm still surprised by it. The decision shows just how much the Internet is shifting in response to artificial intelligence.

CEO Matthew Prince said, "For decades, the business model of the Internet ran on ad platforms and bank transfers. The Internet's next business model will be powered by pay-per-use, fractional payments, and microtransactions -- "tools that shift incentives toward original, creative content that actually adds value." He added that by using its global network, Cloudflare aims to "help modernize the financial rails needed to move money at the speed of the Internet."

Cloudflare blocked the largest-ever DDoS attack against a European network infrastructure company, which peaked at 22.2 Tbps and 10.6 Bpps. The hyper-volumetric attack has been linked to the Aisuru botnet and lasted just 40 seconds, but was double the size of the previous record. SecurityWeek reports: Cloudflare told SecurityWeek that the attack was aimed at a single IP address of an unnamed European network infrastructure company. Cloudflare has yet to determine who was behind the attack, but believes it may have been powered by the Aisuru botnet, which was also linked earlier this year to a massive 6.3 Tbps attack on the website of cybersecurity blogger Brian Krebs. Aisuru has been around for more than a year. The botnet is powered by hacked IoT devices such as routers and DVRs that have been compromised through the exploitation of known and zero-day vulnerabilities.

According to Cloudflare, the 22 Tbps attack was traced to over 404,000 unique source IPs across over 14 ASNs worldwide. "Based on internal analysis using a proprietary system, the source IPs were not spoofed," the company explained. The security firm described it as a UDP carpet bomb attack targeting an average of 31,000 destination ports per second, with a peak of 47k ports, all of a single IP address. Cloudflare revealed in July that the number of DDoS attacks it blocked in the first half of 2025 had already exceeded all the attacks mitigated in 2024.

An anonymous reader quotes a report from The Guardian: After deflecting the US Department of Justice's attack on its illegal monopoly in online search, Google is facing another attempt to dismantle its internet empire in a trial focused on abusive tactics in digital advertising. The trial that opened Monday in an Alexandria, Virginia, federal court revolves around the harmful conduct that resulted in US district Judge Leonie Brinkema declaring parts of Google's digital advertising technology to be an illegal monopoly in April. The judge found that Google has been engaging in behavior that stifles competition to the detriment of online publishers that depend on the system for revenue.

Google and the justice department will spend the next two weeks in court presenting evidence in a "remedy" trial that will culminate in Brinkema issuing a ruling on how to restore fair market conditions. If the justice department gets its way, Brinkema will order Google to sell parts of its ad technology -- a proposal that the company's lawyers warned would "invite disruption and damage" to consumers and the internet's ecosystem. The justice department contends a breakup would be the most effective and quickest way to undercut a monopoly that has been stifling competition and innovation for years. [...]

The case, filed in 2023 under Joe Biden's administration, threatens the complex network that Google has spent the past 17 years building to power its dominant digital advertising business. Digital advertising sales account for most of the $305 billion in revenue that Google's services division generates for its corporate parent Alphabet. The company's sprawling network of display ads provide the lifeblood that keeps thousands of websites alive. Google believes it has already made enough changes to its "ad manager" system, including providing more options and pricing options, to resolve the problems Brinkema flagged in her monopoly ruling.

Microsoft is preparing a Publisher Content Marketplace to pay publishers when their work is used in AI products like Copilot. Neowin reports: Microsoft is reportedly discussing with select US publishers a pilot program for its so-called Publisher Content Marketplace, a system that pays publishers for their content when it gets used by AI products, starting with its own Copilot assistant. The PCM will launch with a limited number of partners before Microsoft hopes to expand the program over time. The company pitched the idea to publishing executives at an invite-only Partner Summit in Monaco last week. Microsoft was allegedly courting them with the message: "You deserve to be paid on the quality of your IP." No concrete launch date for the pilot was shared.

As Axios notes, Microsoft is the first major company to try to build a proper AI marketplace for publishers. Other AI labs like OpenAI have mostly focused on securing one-off licensing deals instead of building a platform for ongoing transactions. Companies like Cloudflare are also working on a more technical, network-level solution to this problem.

mrspoonsi writes: The US Secret Service says it has dismantled a network of more than 300 SIM servers and 100,000 SIM cards in the New York area that were capable of crippling telecom systems.

The devices were "concentrated within 35 miles of the global meeting of the UN General Assembly now under way in New York City" and an investigation has been launched, it adds in a press statement.

The Secret Service says the dangers posed included "disabling cell phone towers, enabling denial of services attacks, and facilitating anonymous, encrypted communication between potential threat actors and criminal enterprises."

The rise of self-driving cars could eventually cost many ride-hailing drivers their jobs -- and that's a big problem, Uber CEO Dara Khosrowshahi said. From a report: Khosrowshahi spoke about the issue onstage this month at a summit hosted by the "All-In" podcast, which posted a video of the conversation on Wednesday. At the summit, Khosrowshahi was asked about concerns that gig workers, who have played a key role in Uber's development, will eventually lose their jobs as self-driving cars become more prevalent.

The Uber CEO said he expects human drivers to continue working alongside self-driving cars in Uber's network in the coming years. "For the next five to seven years, we're going to have more human drivers and delivery people, just because we're going so quickly," Khosrowshahi said. "But, I think, 10 to 15 years from now, this is going to be a real issue," he said about drivers losing their jobs.

"On a recent assignment to test defenses, Dave Brauchler of the cybersecurity company NCC Group tricked a client's AI program-writing assistant into executing programs that forked over the company's databases and code repositories," reports the Washington Post.

"We have never been this foolish with security," Brauchler said... Demonstrations at last month's Black Hat security conference in Las Vegas included other attention-getting means of exploiting artificial intelligence. In one, an imagined attacker sent documents by email with hidden instructions aimed at ChatGPT or competitors. If a user asked for a summary or one was made automatically, the program would execute the instructions, even finding digital passwords and sending them out of the network. A similar attack on Google's Gemini didn't even need an attachment, just an email with hidden directives. The AI summary falsely told the target an account had been compromised and that they should call the attacker's number, mimicking successful phishing scams.

The threats become more concerning with the rise of agentic AI, which empowers browsers and other tools to conduct transactions and make other decisions without human oversight. Already, security company Guardio has tricked the agentic Comet browser addition from Perplexity into buying a watch from a fake online store and to follow instructions from a fake banking email...

Advanced AI programs also are beginning to be used to find previously undiscovered security flaws, the so-called zero-days that hackers highly prize and exploit to gain entry into software that is configured correctly and fully updated with security patches. Seven teams of hackers that developed autonomous "cyber reasoning systems" for a contest held last month by the Pentagon's Defense Advanced Research Projects Agency were able to find a total of 18 zero-days in 54 million lines of open source code. They worked to patch those vulnerabilities, but officials said hackers around the world are developing similar efforts to locate and exploit them. Some longtime security defenders are predicting a once-in-a-lifetime, worldwide mad dash to use the technology to find new flaws and exploit them, leaving back doors in place that they can return to at leisure.

The real nightmare scenario is when these worlds collide, and an attacker's AI finds a way in and then starts communicating with the victim's AI, working in partnership — "having the bad guy AI collaborate with the good guy AI," as SentinelOne's [threat researcher Alex] Delamotte put it. "Next year," said Adam Meyers, senior vice president at CrowdStrike, "AI will be the new insider threat."
In August more than 1,000 people lost data to a modified Nx program (downloaded hundreds of thousands of times) that used pre-installed coding tools from Google/Anthropic/etc. According to the article, the malware "instructed those programs to root out" sensitive data (including passwords or cryptocurrency wallets) and send it back to the attacker. "The more autonomy and access to production environments such tools have, the more havoc they can wreak," the article points out — including this quote from SentinelOne threat researcher Alex Delamotte.

"It's kind of unfair that we're having AI pushed on us in every single product when it introduces new risks."

Amazon's logistics network will now fulfill orders placed on Walmart.com, the company announced at its Accelerate seller conference, creating a surreal arrangement where the e-commerce giant directly supports its biggest retail rival's online operations. Third-party sellers can now use Amazon's Multichannel Fulfillment service to automatically process Walmart orders through direct integration. The packages arrive in unbranded boxes since Walmart prohibits Amazon-branded deliveries to its customers.

Amazon VP Dharmesh Mehta told GeekWire the system automatically routes any Walmart order through Amazon's fulfillment network. The service expansion includes upcoming Shein integration and existing support for eBay, Etsy, and Temu. Amazon's third-party seller services generated $156 billion in 2024 revenue. The company now competes directly against ShipBob, FedEx, UPS, and ironically Walmart's own fulfillment services while positioning itself as an end-to-end logistics provider regardless of where the sale originates.

Microsoft will increase Xbox Series X and Series S console prices in the United States on October 3. The Series X rises to $649.99 from $599.99 and the 512GB Series S increases to $399.99 from $379.99. The 1TB Series S moves to $449.99 from $429.99. The Series X Digital Edition reaches $599.99 from $549.99 and the 2TB Galaxy Black Special Edition climbs to $799.99 from $729.99. Microsoft cited macroeconomic changes for the increases. Console prices outside the US and controller and headset prices domestically remain unchanged. The company raised console prices globally in May.